The present invention relates generally to software system performance diagnosis, and more particularly, to software system performance diagnosis with kernel event feature guidance.
Localizing performance anomalies in enterprise software systems have constraints different from conventional debugging environments. A monitoring agent for deployed systems should run efficiently with minimal overhead. Otherwise performance overhead of the monitoring software can hide the performance problems. While using the source code is effective for debugging, in a typical scenario using commercial off-the-shelf (COTS) software, administrators lack knowledge of the software. Moreover the source code of third party software components is often not available. Efficient performance debugging without requiring source code is in huge demand for production systems.
There have been several major approaches in traditional program debugging to localize performance anomalies.
Traditional debugging takes application programs executed in a special debugging mode (e.g., single-step mode, ptrace, and dynamic compilation). While this approach provides fine grained control and detailed information deep inside the program, it inhibits the observance of workload with the full fidelity because the overhead of the monitor prevents the program from executing in the full production-level speed.
Other approaches embed a monitoring agent into the program by modifying source code and observes the program's behavior in a fine grained way. This white-box approach has advantages in profiling and categorizing the application status since internal information such as functions or objects are available [7, 8]. However, often the proprietary software is provided in a binary format and third-party software comes without source code information. This requirement for source code availability limits the applicability of this approach for a wide set of software.
There is another approach that uses low level events (e.g., system calls) to determine application status. Since this approach does not rely on software's internal knowledge, it is called a black-box approach. Compared to other two approaches, this solution has the advantage that it can monitor software without involving the constraints in the application level. Another work models application behavior by building paths of kernel events. The collected traces in this work are treated as homogeneous traces. In real deployment scenarios, high complexity and diverse set of functions of enterprise applications generate a highly dynamic set of operations in the application behavior. The assumption on homogeneous behavior can trigger false alarms since different types of application activities can be considered as anomaly.
Accordingly, there is a need for request profiling in service systems with kernel events.